Date: Thu, 21 Aug 2008 22:10:42 +0200
From: Rink Springer <rink@FreeBSD.org>
To: Jeremy Chadwick <koitsu@FreeBSD.org>
Cc: Mikhail Teterin <mi+mill@aldan.algebra.com>, freebsd-stable@FreeBSD.org, freebsd-security@freebsd.org
Subject: Re: machine hangs on occasion - correlated with ssh break-in attempts
Message-ID: <20080821201042.GA56182@rink.nu>
In-Reply-To: <20080821200309.GA19634@eos.sc1.parodius.com>
References: <48ADA81E.7090106@aldan.algebra.com> <20080821200309.GA19634@eos.sc1.parodius.com>

On Thu, Aug 21, 2008 at 01:03:09PM -0700, Jeremy Chadwick wrote:
> Finally, consider moving to pf instead, if you really feel ipfw is
> what's causing your machine to crash. You might be pleasantly surprised
> by the syntax, and overall administrative usability (it is significantly
> superior to ipfw, IMHO).

In fact, pf can already do this out-of-the-box, by doing something like:

table <sshlusers> persist
pass quick on $wan_if proto tcp from any to any port ssh flags S/SA keep state \
	(max-src-conn 15, max-src-conn-rate 5/3, overload <sshlusers> flush global)

If that is not an option, I have found that security/denyhosts works
pretty well too (it just adds IPs to /etc/hosts.deniedssh, and
host_access(5) denies them based on this).

Regards,

--
Rink P.W. Springer - http://rink.nu
"Anyway boys, this is America. Just because you get more votes doesn't mean you win." - Fox Mulder
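
The pf.conf fragment from the message above, placed in the context it needs to take effect. This is an added example, not part of the original e-mail: the interface name em0 and the block rule are assumptions, since the message shows only the table and the pass rule.

```conf
# Assumption: em0 is the external interface. The message only uses the
# macro name $wan_if without showing its definition.
wan_if = "em0"

# Sources that trip the limits below are collected in this table.
# "persist" keeps the table in the kernel even when no rule refers to it.
table <sshlusers> persist

# Added here, not in the message: the overload option only fills the
# table. A rule like this one, placed before the pass rule because both
# use "quick", is what actually refuses traffic from the listed sources.
block in quick on $wan_if from <sshlusers>

# Rule from the message. The state options mean:
#   max-src-conn 15        at most 15 simultaneous established connections
#                          per source address
#   max-src-conn-rate 5/3  at most 5 new connections per source address
#                          within 3 seconds
#   overload <sshlusers>   a source exceeding either limit is added to
#                          the table
#   flush global           all existing states from that source are
#                          killed, whichever rule created them
pass quick on $wan_if proto tcp from any to any port ssh flags S/SA keep state \
	(max-src-conn 15, max-src-conn-rate 5/3, overload <sshlusers> flush global)

# Table maintenance from a root shell (ADDR is a placeholder):
#   pfctl -t sshlusers -T show           list the addresses currently held
#   pfctl -t sshlusers -T delete ADDR    release a single address
#   pfctl -t sshlusers -T expire 86400   remove entries older than one day
```

Without an expire job the table grows until it is flushed or the machine reboots, so a legitimate user who trips the rate limit stays blocked until an administrator removes the address.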